Security Advisories

Apple has rolled out an update for its macOS Big Sur operating system to address a bevy of security flaws, including a vulnerability that could allow malware to circumvent the operating system’s built-in protection mechanisms.


A fake Android application is capable of spreading itself via WhatsApp messages. If the user downloads the fake application and grants the requested permissions, the malware can automatically reply to the victim's incoming WhatsApp messages with a payload.


Microsoft released patches to fix critical- and high-severity remote code execution vulnerabilities, CVE-2021-28480, CVE-2021-28481, CVE-2021-28482 and CVE-2021-28483, in Microsoft Exchange Server.


Adobe has released security patches for vulnerabilities now resolved in seven of its products. The impacted software is Photoshop, Illustrator, Animate, Bridge, InCopy, Captivate, and Campaign Classic.


Pop-ups are generated by websites to offer users additional information or guidance, such as how to fill in a form or how to apply a discount code. However, some can be unwanted or even harmful - these are usually fake pop-ups.


The actively exploited vulnerability tracked as CVE-2021-21972 allows an attacker to upload files and execute commands without needing any authorized privileges.


Adobe patches multiple critical and important vulnerabilities, including the zero-day CVE-2021-21017 in Adobe Acrobat and Reader for Windows and macOS. Successful exploitation could lead to arbitrary code execution in the context of the current user.


Microsoft has fixed two critical remote code execution flaws in the TCP/IP implementation in Windows that could be exploited by network-based attackers to either gain control of a target system or cause a denial of service.


One of the patched and actively exploited zero-days, tracked as 'CVE-2021-1732 - Windows Win32k Elevation of Privilege Vulnerability', allows an attacker or malicious program to elevate its privileges to administrative level.


Zyxel devices running firmware version 4.60 contain a hardcoded administrative backdoor account that can grant attackers admin-level access to the device via either the SSH interface or the web administration panel.


On Dec. 13, the cyber community observed one of the most significant cybersecurity events of our time, impacting both commercial and government organizations worldwide.


This Joint Cybersecurity Advisory was coauthored by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).


The Trend Micro InterScan Web Security Virtual Appliance (IWSVA) is affected by multiple critical security issues. Unauthenticated attackers are able to gain root access to the appliance via chained attack vectors, such as CSRF protection bypass, authorization & authentication bypass, and more.


Two federal agencies and FireEye were breached through updates of widely used IT infrastructure management software - the Orion network monitoring product from SolarWinds.


Microsoft has published 58 security fixes across 10+ products and services, as part of the company's monthly batch of security updates, known as Patch Tuesday. More than a third of these patches (22) are classified as remote code execution (RCE) vulnerabilities.


Business Email Compromise (BEC) scammers are exploiting web-based email clients' auto-forwarding rules to intercept financial transactions.


Variants of the thirteen-year-old Bandook malware are once again targeting multiple sectors. Dozens of digitally signed variants of this malware have started to reappear in the threat landscape.


Google Drive has become a new lure for scammers to phish unaware victims. A flaw in Google Drive is being exploited to send out seemingly legitimate emails and push notifications from Google that, if opened, redirect to malicious websites.


According to Oracle, the attack is “low” in complexity, requires no privileges and no user interaction and can be exploited by attackers with network access via HTTP.


Microsoft recently published a security patch addressing a remote code execution vulnerability in the IPv6 stack, known as CVE-2020-16898 or "Bad Neighbor". The issue is caused by improper handling of Router Advertisement messages, which are part of the Neighbor Discovery protocol.


Nearly 800,000 VPNs around the world need urgent patching after the vendor (Dell SonicWall) issued a security update for a critical flaw last week.


Kraken attack operators inject a malicious payload into the legitimate Microsoft Windows Error Reporting (WER) service to evade detection.


A new malware family called Mozi combines code from several known malware families (Gafgyt, Mirai and IoT Reaper) to form a peer-to-peer (P2P) botnet capable of DDoS attacks, data exfiltration and command or payload execution.


Hackers are launching brute-force attacks on MSSQL servers to install new crypto-mining malware, MrbMiner.


The vulnerability, dubbed as “Zerologon,” is a critical severity, privilege-escalation vulnerability (CVE-2020-1472) assigned a CVSS score of 10 out of 10. The flaw was addressed in Microsoft’s August 2020 security updates.


Visa detected an advanced and unique JavaScript-based e-skimming malware kit that is able to steal payment card data from e-commerce sites and uses anti-detection techniques to hide from security scanners.


The cryptojacking worm Cetus infects unsecured Docker daemons with an XMRig cryptominer payload to mine Monero.


The FritzFrog botnet, written in Golang, uses a secure, encrypted peer-to-peer communication protocol to distribute malware and take control of device nodes. The encrypted communication makes the botnet difficult to detect and enables it to propagate across multiple infected SSH servers.


A high-severity vulnerability, CVE-2020-13699, in TeamViewer could allow for offline password cracking when a user visits a malicious website.


The new “BootHole” vulnerability in the GRUB2 bootloader opens up Windows and Linux devices using Secure Boot to attack.


A stealthier and more sophisticated modular variant of the Valak malware appears to be an emerging threat, given an increased volume of campaign activity to steal sensitive information and deploy additional malware.


TrickBot, initially developed as banking malware, is now constantly evolving and aggregates powerful techniques to attack a variety of organizations. TrickBot is often used with other malware in multi-stage attacks.


Fraudsters are sending fake MUDRA loan approval letters via WhatsApp, SMS and email, asking people to pay loan processing fees.


Microsoft has just released emergency security patches for two critical security holes in the Windows Codecs Library.


Clop ransomware, a variant of CryptoMix, is spreading via executables with legitimate digital signatures and is targeting entire networks instead of individual users.


The Evil Corp group targets victims with WastedLocker ransomware and uses multiple unknown distribution methods, including SocGholish. SocGholish is a fake update framework, which is delivered to the victim in a zipped file via compromised websites.


Conti ransomware infections are increasing by the day, using unique techniques such as fast encryption, string encoding, targeted damage and abuse of the Windows Restart Manager.


Emotet is back with a massive malspam campaign containing malicious links and documents to install a backdoor and deliver other malware.
